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DETAILED ACTION 
Claim Rejections - 35 USC §102 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on 
sale in this country, more than one year prior to the date of application for patent in the United States. 

Claims 1 and 16 are rejected under 35 U.S. C. 102(b) as being anticipated by Rowland et 
al. (EP0 844 767 Al). 

In reference to claims 1 and 16, Rowland discloses a method for sharing user 
information, comprising (abstract): receiving a request from a web site host for information 
concerning a user that has visited a web site maintained by the web site host (column 6 lines 12- 
15); verifying a authorization of the web site host to receive the information (Fig. 7 part 707 in 
combination with column 6 lines 18-23) the system verifies that the website is allowed access by 
finding the entry for the website in the browserid website database; determining a level of access 
for which the web site host is authorized (column 6 lines 28-41); and transmitting user 
information to the web site host such that the web site host can personalize the web site for the 
user (column 1 lines 29-30). 

Claim Rejections - 35 USC§ 103 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claims 2-3, 5, 7 and 17-18 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Rowland. 
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In reference to claims 2 and 17, Rowland discloses a system for personalizing a website 
wherein the user determines the level of access using a code that is designated to the website host 
from the user and therefore received by the web site host from the user (column 6 lines 28-3 1). 

However Rowland does not disclose the website providing said user code during the step 
of verifying the authorization. 

Since the website host specifies in the request to the client the specific item of 
information that is required by the website host (column 6 lines 16-17), at the time the invention 
was made, it would have been obvious to a person of ordinary skill in the art to transmit the 
authorization code, that is designated by the client, to the website host that sends said 
authorization code to the user for the verification step. One of ordinary skill in the art would 
have been motivated to do this because the website host would be responsible for retrieving the 
authorization code and therefore reduce the calculation time and storage space in the client 
machine. 

In reference to claim 3, wherein the user code is associated with a predetermined level of 
access to user information (column 5 lines 55-58). 

In reference to claims 5 and 18, wherein the step of determining the level of access 
comprises comparing the user code provided by the web site host with a user code assigned to 
the user and relevant to a particular user information set (column 5 lines 55-58). 

In reference to claim 7 wherein the step of transmitting user information comprises 
transmitting user profile information while withholding personal information about the user (Fig. 
6). 
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Claim 4 is rejected under 35 U.S. C 103(a) as being unpatentable over Rowland as 
applied to claim 2 above, and further in view of Schneier. 

In reference to the user code comprises a transient key. A transient key is a key that 
expires after a period of time. 

Rowland does not expressly disclose the code that was designated by the user comprising 
a transient key. 

Schneier teaches that a key should expire automatically; therefore a system should have a 
policy that determines the permitted lifetime of a key (pages 183-184). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use a code that expires after a certain period of time as disclosed in Schneier in 
the system of Rowland. One of ordinary skill in the art would have been motivated to do this 
because the longer the code is used the greater the chance that the system will be compromised. 

Claim 6 is rejected under 35 U.S.C. 103(a) as being unpatentable over Rowland as 
applied to claim 1 above, and further in view of Henrick et al (6,055,510). 

Regarding transmitting user information from a centralized repository which stores user 
information for a plurality of users. 

Rowland does not expressly disclose transmitting the user information from a centralized 
repository that stores user information fro a plurality of users. 

Henrick discloses a system and method of storing user information in a centralized 
repository (column 4 lines 32-37) and transmitting the user information from this centralized 
repository to a website (particular advertiser; column 4 line 66 to column 5 line 10) 
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At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use a central repository to store the user information and transmit the user 
information to the host website. One of ordinary skill in the art would have been motivated to do 
this because the ISP can take advantage of the unique customer knowledge with respect to user 
likes and dislikes, while preserving the privacy of the customer, to attract businesses with interest 
in customer bases. 

Claims 8-9, 11, 13-15, and 19-21 rejected under 35 U.S.C. 103(a) as being unpatentable 
over Rowland in view of Davis et al (6,367,009 Bl) 

In reference to claims 8, 13, and 19, Rowland discloses a method for acquiring user 
information that is used to personalize a web site for the user (column 1 lines 1-30 in 
combination with abstract), comprising receiving a user code from a user, the user code being 
associated with a particular information set pertinent to the user (Fig. 5 and 6); and the website 
host receives the information set associated with the user code (column 6 lines 28-41). 

Although Rowland discloses the website host requesting user information (column 6 lines 
12-15), Rowland does not disclose the user information being stored at centralized repository and 
providing the user code to the centralized repository. 

Davis discloses the ETS that is a relational database manager (centralized repository 
storing) that stores user information needed by the intermediate MTS (website server; column 9 
lines 24-48). The client delegates authentication to the MTS to retrieve the user information. 
The MTS uses the certificate chain, which includes information from the client certificate that 
was provided by the client (column 13 lines 1-58), this performs the function of providing 
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authentication and code required by the ETS (column 14 lines 14-40) to authenticate the MTS 
and provide the user information (column 9 lines 25-48 in combination with column 13 lines 53- 
58). This is the function of the user code sent to the website host. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use a central repository to store the user information and transmit the user 
information to the host website. One of ordinary skill in the art would have been motivated to do 
this because the ISP can take advantage of the unique customer knowledge with respect to user 
likes and dislikes, while preserving the privacy of the customer, to attract businesses with interest 
in customer bases. 

In reference to claims 9, 14, 20, wherein the step of receiving a user code comprises 
automatically receiving a user code when the user visits the web site (column 6 lines36-44). 

In reference to claims 77, 75, and 21 wherein the step of receiving a user code comprises 
receiving a user code that is manually entered by the user at the web site (column 6 lines 45-51). 

In reference to claim 10, wherein the user code is automatically appended to a uniform 
resource locator (URL) of the web site. 

Rowland and Davis do not expressly disclose the code being appended to the URL of the 
web site. 

However, since Davis discloses sending the certificate as part of a message and Rowland 
discloses sending the request with the information that the web server requires, at the time the 
invention was made, it would have been obvious to a person of ordinary skill in the art to append 
the code to the URL. One of ordinary skill in the art would have been motivated to do this 
because it would conserve bandwidth to send it as one message instead of multiple messages. 
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Claim 12 is rejected under 35 U.S.C. 103(a) as being unpatentable over Rowland and 
Davis as applied to claim 8 above, and further in view of Schneier. 

In reference to the user code comprises a transient key. A transient key is a key that 
expires after a period of time. 

Rowland does not expressly disclose the code that was designated by the user comprising 
a transient key. 

Schneier teaches that a key should expire automatically; therefore a system should have a 
policy that determines the permitted lifetime of a key (pages 183-184). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use a code that expires after a certain period of time as disclosed in Schneier in 
the system of Rowland. One of ordinary skill in the art would have been motivated to do this 
because the longer the code is used the greater the chance that the system will be compromised. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Paula W Klimach whose telephone number is (571) 272-3854. 
The examiner can normally be reached on Mon to Thr 9:30 a.m to 5:30 p.m. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on (571) 272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

PWK 

Friday, October 29, 2004 




